DETAILED ACTION

1. This action is in response to the communication filed on January 30, 2004.
Claims 1-21 were originally received for consideration. No preliminary amendments for 
the claims were received. 

2. Claims 1-21 are currently being considered. 

Information Disclosure Statement 

3. An initialed and signed copy of the Applicant's IDS form 1449, received on 
5/5/2004, is attached to this Office action. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1, 3-4, and 21 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Cho et al. (U.S. Patent 6,151,593).

Regarding claim 1, Cho discloses:

A method for providing computer-based authentication utilization keystroke
biometrics, the method comprising the acts of: 

obtaining absolute keystroke timing data of a user while the user types a 
passphrase (column 3, lines 42-50), wherein while a user types in a password 
(passphrase) a timing vector from a keystroke characteristic is obtained; 

responsive to said obtained absolute keystroke timing data, analyzing and 
abstracting the absolute keystroke timing data into a keystroke data template (column 3, 
lines 45-57), wherein a user's timing vectors are extracted and stored as timing vectors; 
and 

verifying future keystroke timings data against the non-repudiated template 
(column 5, lines 26-42), wherein the keystroke characteristics are compared to the 
stored timing vectors, and if the difference is within a threshold value, access is granted. 

Claim 3 is rejected as applied above in rejecting claim 2. Furthermore, Cho discloses: 

The method according to claim 2 wherein the absolute keystroke timing data and 
the future absolute keystroke timing data include a serialized set of keystroke timings 
(column 3, lines 43-50), wherein the user types in the password in sequence (serialized) 
and this is used as a timing vector. 

Claim 4 is rejected as applied above in rejecting claim 3. Furthermore, Cho discloses: 

The method according to claim 3 wherein said serialized set of keystroke timings 
is selected from the group consisting of any timing differential between one key's 
depression and any key's release, one key's depression to any other key's depression,
one key's release to any other key's depression, and one key's release to any other 
key's release (column 3, lines 50-57), the timing vector is measured by the negative 
interval results when a current key is stroked before a previous key is released. 

Regarding claim 21, Cho discloses: 

A method for providing computer-based authentication, the method comprising 
the acts of: 

obtaining a data sample (column 3, lines 42-50), wherein while a user types in a 
password (passphrase) a timing vector from a keystroke characteristic is obtained; 

responsive to said obtained data sample, analyzing and abstracting the data 
sample into a non-repudiated data sample template (column 3, lines 45-57), wherein a 
user's timing vectors are extracted and stored as timing vectors; and 

verifying future data samples data against the non-repudiated data sample 
template to determine consistency or inconsistency between the future data samples as 
compared to the non-repudiated data sample template (column 5, lines 26-42), wherein 
the keystroke characteristics are compared to the stored timing vectors, and if the 
difference is within a threshold value, access is granted. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over Cho et al. 
(U.S. Patent 6,151,593) in view of Gressel (U.S. Patent 6,311,272).

Claim 2 is rejected as applied above in rejecting claim 1. Cho does not explicitly
disclose updating said keystroke template with future keystroke timings. Gressel 
discloses a biometric method which updates a template with fresh samples (Gressel: 
column 5, lines 20-30). Cho and Gressel are analogous arts as both contemplate using 
keystroke characteristics as a biometric template. Updating the template in Cho would 
be performed on subsequent authentication attempts by the user to keep the biometric 
sample fresh and more accurate. Therefore, it would have been obvious to use the 
biometric template updating of Gressel in the system of Cho for "compensating changes 
of such data, relating to migrating of measured data as a result of age, infirmity, or 
normal oscillations in personal biological patterns" (Gressel: column 7, lines 54-57). 

Claims 5-14, and 17-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Cho et al. (U.S. Patent 6,151,593) in view of Gressel (U.S. Patent 
6,311,272) in further view of Bender et al. (U.S. Patent 7,206,938).

Claim 5 is rejected as applied above in rejecting claim 4. Cho-Gressel do not
explicitly disclose performing nonce profiling of the keystroke timing data and the future 
keystroke timing data. 

The method according to claim 4 further including the act of performing nonce 
profiling of the keystroke timing data and the future keystroke timing data. Bender
discloses a key sequence recognition system which takes keystrokes (typings) and
extracts mini-rhythms and uses the mini-rhythms to form a keystroke sample (Bender:
column 10, lines 44-62) which is used for validating later typings (new passphrase)
(Bender: column 17, lines 29-34). Bender is analogous to Cho and Gressel as all three
use biometrics (keystrokes) to validate a user's identity. Therefore, it would have been
obvious to use mini-rhythms (nonces) to represent the keystrokes because a "mini-rhythm"
is a statistically relevant used to quality rhythms which leads to more accurate
assessment of a user's unique identity (Bender: column 8, lines 4-9). 

Claim 6 is rejected as applied above in rejecting claim 5. Cho-Gressel does not 
explicitly disclose configuring the nonce profiling into a new passphrase. Bender
discloses a key sequence recognition system which takes keystrokes (typings) and
extracts mini-rhythms and uses the mini-rhythms to form a keystroke sample (Bender:
column 10, lines 44-62) which is used for validating later typings (new passphrase)
(Bender: column 17, lines 29-34). Bender is analogous to Cho and Gressel as all three
use biometrics (keystrokes) to validate a user's identity. Therefore, it would have been
obvious to use mini-rhythms (nonces) to represent the keystrokes because a "mini-rhythm"
is a statistically relevant used to quality rhythms which leads to more accurate
assessment of a user's unique identity (Bender: column 8, lines 4-9). 

Regarding claim 7, Cho discloses: 

A method for providing computer-based authentication utilization keystroke 
biometrics, the method comprising the acts of: 

predetermining a passphrase for plaintext authentication (column 2, lines 18-24: 
owner's password); 

typing the predetermined passphrase for plaintext authentication (column 3, lines 
58-67), wherein the input password is compared to the stored password; 

responsive to said act of typing, deriving keystroke characteristics including a 
plurality of initial typing data timings (column 3, lines 45-57), wherein a user's timing 
vectors are extracted and stored as timing vectors; 

responsive to said act of deriving keystroke characteristics including obtaining a 
plurality of initial typing data timings, abstracting the initial typing data timings into a 
template for verification at a later time (column 3, lines 45-57), wherein a user's timing 
vectors are extracted and stored as timing vectors. 

Cho does not explicitly teach receiving and verifying additional typing, and adding 
the additional timings to the template. Gressel discloses a biometric method which 
updates a template with fresh samples (Gressel: column 5, lines 20-30). Cho and 
Gressel are analogous arts as both contemplate using keystroke characteristics as a
biometric template. Updating the template in Cho would be performed on subsequent 
authentication attempts by the user to keep the biometric sample fresh and more 
accurate. Therefore, it would have been obvious to use the biometric template updating 
of Gressel in the system of Cho for "compensating changes of such data, relating to 
migrating of measured data as a result of age, infirmity, or normal oscillations in 
personal biological patterns" (Gressel: column 7, lines 54-57). 

Cho-Gressel do not explicitly disclose breaking down the additional data timings 
into nonces and responsive to breaking down the additional typings into nonces and 
reassembling the nonces into a new passphrase. Bender discloses a key sequence 
recognition system which takes keystrokes (typings) and extracts mini-rhythms and uses
the mini-rhythms to form a keystroke sample (Bender: column 10, lines 44-62) which is 
used for validating later typings (new passphrase) (Bender: column 17, lines 29-34). 
Bender is analogous to Cho and Gressel as all three use biometrics (keystrokes) to 
validate a user's identity. Therefore, it would have been obvious to use mini-rhythms 
(nonces) to represent the keystrokes because a "mini-rhythm" is a statistically relevant 
used to quality rhythms which leads to more accurate assessment of a user's unique 
identity (Bender: column 8, lines 4-9). 

Claim 8 is rejected as applied above in rejecting claim 7. Furthermore, Cho discloses: 
The method according to claim 7 wherein the keystroke characteristics include 
any timing differential between one key's depression and any key's release, one key's 
depression to any other key's depression, one key's release to any other key's
depression, and one key's release to any other key's release (column 3, lines 50-57), 
the timing vector is measured by the negative interval results when a current key is 
stroked before a previous key is released. 

Claim 9 is rejected as applied above in rejecting claim 8. Furthermore, Cho discloses: 

The method according to claim 8, further including the act of calculating total 
calculation points (column 3, lines 50-55). 

Claim 10 is rejected as applied above in rejecting claim 7. Cho does not explicitly 
disclose the calculating of a mean, variance and standard deviation, and using these to 
calculate a multiplication factor. Bender teaches calculating the variables using the 
mini-rhythm criteria and calculates the mean, and standard deviation for each column 
(Bender: column 13, lines 30-36). Furthermore, Bender conforms this to a normal 
distribution (normalizing weighting) and will use a multiplication factor to determine how 
many mini-rhythms must be present in the user's input to qualify as a valid signature 
(Bender: column 13, lines 30-37, column 15, lines 22-31 

Claim 11 is rejected as applied above in rejecting claim 8. Furthermore, Cho discloses: 

The method according to claim 8 wherein the total number of timings are 
determined as 2N-1, and wherein N is a number of key presses (column 3, lines 50-57),
wherein the timing vector has a dimension of 15 for a 7 character passphrase plus the

Claim 12 is rejected as applied above in rejecting claim 10. Furthermore, Cho does not
disclose the readjusting of the calculations present in claim 10. Gressel discloses a 
biometric method which updates a template with fresh samples (Gressel: column 5, 
lines 20-30). Cho and Gressel are analogous arts as both contemplate using keystroke 
characteristics as a biometric template. Updating the template in Cho would be 
performed on subsequent authentication attempts by the user to keep the biometric 
sample fresh and more accurate. Therefore, it would have been obvious to use the 
biometric template updating of Gressel in the system of Cho for "compensating changes 
of such data, relating to migrating of measured data as a result of age, infirmity, or 
normal oscillations in personal biological patterns" (Gressel: column 7, lines 54-57). 

Claim 13 is rejected as applied above in rejecting claim 7. Cho does not explicitly 
disclose interpreting a raw score as a value, wherein the smaller the value, the higher 
the confidence and responsive to said interpreting act, calculating a threshold and 
inverting the value to obtain a translated score. Bender teaches determining a qualifying 
variable (raw score) wherein the lower it is, the less mini-rhythms have to be present for 
a positive validation, wherein there is a threshold for mistakes (Bender: column 14, 
lines 51-67, column 15, lines 1-25). This would be useful so that you can tighten or 
loosen the requirement for validation based on the purpose and the user (Bender: 
column 14, lines 55-62). 

Claim 14 is rejected as applied above in rejecting claim 7. Cho does not explicitly
disclose breaking down the additional data timings into nonces and responsive to 
breaking down the additional typings into nonces and reassembling the nonces into a 
new passphrase. Bender discloses a key sequence recognition system which takes 
keystrokes (typings) and extracts mini-rhythms and uses the mini-rhythms to form a
keystroke sample (Bender: column 10, lines 44-62) which is used for validating later 
typings (new passphrase) (Bender: column 17, lines 29-34). Bender is analogous to 
Cho and Gressel as all three use biometrics (keystrokes) to validate a user's identity. 
Therefore, it would have been obvious to use mini-rhythms (nonces) to represent the 
keystrokes because a "mini-rhythm" is a statistically relevant used to quality rhythms 
which leads to more accurate assessment of a user's unique identity (Bender: column 
8, lines 4-9). 

Claim 17 is rejected as applied above in rejecting claim 7. Furthermore, Cho discloses: 
The method according to claim 7 further including the act of requiring purchasers 
of products to perform the typing act (column 1, lines 60-64).

Claim 18 is rejected as applied above in rejecting claim 7. Furthermore, Cho discloses: 

The method according to claim 7 further including the act of requiring a person 
enrolled in online educational programs to perform the typing act prior to accessing 
online educational materials (column 1, lines 60-64). 

Claim 19 is rejected as applied above in rejecting claim 7. Furthermore, Cho discloses:
The method according to claim 7 further including the act of enhancing RADIUS
protocols with the method (column 1, lines 60-64).

Regarding claim 20, Cho discloses: 

A method for providing computer-based authentication utilization keystroke 
biometrics, the method comprising the acts of: 

obtaining keystroke timing data of a user while the user types a passphrase 
(column 3, lines 42-50: wherein while a user types in a password (passphrase) a timing 
vector from a keystroke characteristic is obtained), wherein said keystroke timing data is 
selected from the group consisting of any timing differential between one key's 
depression and any key's release, one key's depression to any other key's depression, 
one key's release to any other key's depression, and one key's release to any other 
key's release (column 3, lines 50-57), the timing vector is measured by the negative 
interval results when a current key is stroked before a previous key is released; 

responsive to said obtained keystroke timing data, analyzing and abstracting the 
keystroke timing data into a keystroke data template (column 3, lines 45-57), wherein a 
user's timing vectors are extracted and stored as timing vectors;

verifying future keystroke timing data against the non-repudiated template 
(column 5, lines 26-42), wherein the keystroke characteristics are compared to the 
stored timing vectors, and if the difference is within a threshold value, access is granted; 

receiving future keystroke timing data (column 5, lines 26-42), wherein the
keystroke characteristics are compared to the stored timing vectors, and if the 
difference is within a threshold value, access is granted. 

Cho does not explicitly teach receiving and verifying additional typing, and adding 
the additional timings to the template. Gressel discloses a biometric method which 
updates a template with fresh samples (Gressel: column 5, lines 20-30). Cho and 
Gressel are analogous arts as both contemplate using keystroke characteristics as a 
biometric template. Updating the template in Cho would be performed on subsequent 
authentication attempts by the user to keep the biometric sample fresh and more 
accurate. Therefore, it would have been obvious to use the biometric template updating 
of Gressel in the system of Cho for "compensating changes of such data, relating to 
migrating of measured data as a result of age, infirmity, or normal oscillations in 
personal biological patterns" (Gressel: column 7, lines 54-57). 

Cho-Gressel do not explicitly disclose breaking down the additional data timings 
into nonces and responsive to breaking down the additional typings into nonces and 
reassembling the nonces into a new passphrase. Bender discloses a key sequence 
recognition system which takes keystrokes (typings) and extracts mini-rhythms and uses
the mini-rhythms to form a keystroke sample (Bender: column 10, lines 44-62) which is 
used for validating later typings (new passphrase) (Bender: column 17, lines 29-34). 
Bender is analogous to Cho and Gressel as all three use biometrics (keystrokes) to 
validate a user's identity. Therefore, it would have been obvious to use mini-rhythms 
(nonces) to represent the keystrokes because a "mini-rhythm" is a statistically relevant
used to quality rhythms which leads to more accurate assessment of a user's unique 
identity (Bender: column 8, lines 4-9). 

Claims 5-14, and 17-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Cho et al. (U.S. Patent 6,151,593) in view of Gressel (U.S. Patent 
6,311,272) in further view of Bender et al. (U.S. Patent 7,206,938) in further view of
Kanevsky et al. (U.S. Patent 6,092,192). 

Claim 15 is rejected as applied above in rejecting claim 7. Cho-Gressel-Bender 
do not explicitly disclose wherein the method is performed using a JAVA applet/server 
pair. Kanevsky discloses a system which can use java applets to collect biometrics and 
send it to a server (Kanevsky: column 6, lines 3-13). Kanevsky is an analogous art to 
Cho, Gressel, and Bender as it pertains to biometric verification. It would have been 
obvious to use the java applet/server technology of Kanevsky with the system of
Cho-Gressel-Bender so that the user can enroll on a web-page and supply his biometric via
the page (Kanevsky: column 6, lines 3-13).

Claims 5-14, and 17-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Cho et al. (U.S. Patent 6,151,593) in view of Gressel (U.S. Patent
6,311,272) in further view of Bender et al. (U.S. Patent 7,206,938) in further view of
Brown et al. (U.S. Patent 6,618,806). 

Claim 16 is rejected as applied above in rejecting claim 7. Cho-Gressel-Bender 
do not explicitly disclose using GINA technology. Brown uses GINA technology to 
supply biometrics for verification (column 3, lines 7-27). Brown is an analogous art to 
Cho-Gressel-Bender because all of them pertain to biometric verification. It would have 
been obvious to use the GINA technology of Brown in the system of Cho-Gressel-Bender
so that authentication can occur on a Windows NT client which uses GINA DLL
to challenge users for their user ID and password (Brown: column 3, lines 21-26). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is 
(571)272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Kaveh Abrishamkar/ 
Examiner, Art Unit 2131 

/K. A./

March 3, 2008 
Examiner, Art Unit 2131 



